Total: 1021 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |||||
CVE-2019-17365 | 1 Nixos | 1 Nix | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable. | |||||
CVE-2019-17334 | 1 Tibco | 5 Spotfire Analyst, Spotfire Analytics Platform For Aws, Spotfire Deployment Kit and 2 more | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below. | |||||
CVE-2019-17124 | 1 Kramerav | 1 Viaware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | |||||
CVE-2019-17103 | 1 Bitdefender | 1 Antivirus | 2024-11-21 | 2.1 LOW | 4.9 MEDIUM |
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. | |||||
CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | |||||
CVE-2019-17054 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | |||||
CVE-2019-17053 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | |||||
CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | |||||
CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | |||||
CVE-2019-17043 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. | |||||
CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project that they do not have access to or control over. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
CVE-2019-16913 | 1 Pcprotect | 1 Antivirus | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | |||||
CVE-2019-16716 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 8.5 HIGH | 6.6 MEDIUM |
OX App Suite through 7.10.2 has Incorrect Access Control. | |||||
CVE-2019-16559 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | |||||
CVE-2019-16554 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. | |||||
CVE-2019-16552 | 1 Jenkins | 1 Gerrit Trigger | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. | |||||
CVE-2019-16355 | 1 Beego | 1 Beego | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | |||||
CVE-2019-16186 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. | |||||
CVE-2019-16185 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. |